miércoles, 10 de mayo de 2017

Seguridad - Se filtran contraseñas en Google Apps

El equipo de Google Apps esta enviando notificaciones vía correo electrónico alertando sobre filtraciones de contraseñas de algunas cuentas en ciertos dominios vinculados a su plataforma.

Esto es para cualquiera entrar en pánico 😱, tomando en cuenta la cantidad de empresas que han pasado sus operaciones a la nube usando este servicio.

Realmente Google Apps es de las plataformas mas famosas que hay para la nube, solamente opacada por Windows Azure, en competencia con Dropbox para empresas, Onedrive Empresarial y otros.

Pero, aunque alarma, la verdad no es para perder la razón. Inmediatamente hay que seguir las instrucciones dadas por Google Apps y cambiar las contraseñas. Preferiblemente por una contraseña compleja de 4 elementos (Letras vocales y consonantes mayúsculas y minúsculas, números y símbolos), de mínimo de 8 caracteres y que no sea utilizada en ningún otro servicio web.

A continuación les dejo un "paste" del correo enviado con modificaciones para proteger a nuestras fuentes.

------------------------------------
The following is an automated security notification from Google about your domain accounts.

Google has become aware of a security incident involving a password leakage that may have affected some users in your Google Apps domain: "Domain.com" (*domain name has been changed to preserve anonanimity.)

The following users were found on a publicly posted list of compromised credentials. Common causes of password theft are viruses, user responses to phishing emails, or the use of the same password on many different websites, of which one or more have been compromised by attackers.

"User@domain.com"
(*username has been changed to preserve anonanimity)

ACTIONS REQUIRED

1. To reset the user's password, follow the steps in this Help Center article:
http://www.google.com/support/a/bin/answer.py?hl=en&answer=33319

Inform the user of their new temporary password, and ask them to set a new password (it should not be a password used with any other sites). 

2. To help check whether their account might have been compromised, advise users to:

Check for filters and forwarding rules so that email is not being forwarding to suspect addresses.
Check to make sure their signature has not been changed.

BEST PRACTICES FOR SECURITY

As an administrator, you may also consider implementing additional security features for your Google Apps domain:

1. Enrolling your domain in 2-step verification, which offers an additional layer of user authentication:
http://www.google.com/support/a/bin/answer.py?hl=en&answer=175197

2. Completing the Gmail Security Checklist:
https://support.google.com/mail/bin/static.py?hl=en&page=checklist.cs&tab=29488

Additional Information about the activity of affected user accounts can be obtained by using the Audit API:
http://code.google.com/googleapps/domain/audit/docs/1.0/audit_developers_guide_protocol.html

Sincerely,

The Google Apps Team
-------------------------------------

Fuente: ELTECNIQUITO Press

Sent from my Windows Phone

0 comentarios:

My Tweets

Protegelas.com